Tag

#npm

27 stories taggednpm · page 2 of 2.

Identity & Access

Poisoned npm Package Stole OpenAI Codex Tokens — and the GitHub Repo Looked Fine

codexui-android published clean source code while shipping malicious artifact builds that harvested refresh tokens. The gap between repo and registry is where the attack lived.

2 min
Vulnerabilities

Miasma Attack Targets Red Hat Packages

Supply chain breach deploys credential-stealing worm through compromised npm packages.

2 min
Threat Intelligence

Malicious npm Package codexui-android Pulls 29K Weekly Downloads, Targets OpenAI Codex Tokens

A package posing as a remote web UI for OpenAI Codex is harvesting developer credentials. It's still live on npm and GitHub.

2 min
Threat Intelligence

GlassWorm Is Down. The Repository Problem Isn't.

CrowdStrike, Google, and Shadowserver severed four C2 channels simultaneously. Meanwhile, 157 OSV false positives quietly eroded trust in the tools defenders depend on.

3 min
Threat Intelligence

CrowdStrike, Google and Shadowserver Pull the Plug on GlassWorm's C2

A coordinated takedown severed every known command channel of the developer-targeting worm — for now.

2 min
AI Security

The npm Package That Reached Into Claude's Sandbox

A bait package called mouse5212-super-formatter quietly siphoned files from the directory Anthropic's Claude uses to handle user uploads, exfiltrating them to a GitHub repo controlled by the author.

2 min
Threat Intelligence

Glassworm's blockchain command channel went down. Nobody will say who pulled the plug.

Researchers say the developer-targeting botnet is offline after its Solana and BitTorrent DHT C2 was disrupted. The mechanics of the takedown, and who authorised it, remain unexplained.

3 min
Vulnerabilities

Your CI Pipeline Is Already Too Late — CVE Lite CLI Disagrees With Your Entire Workflow

An OWASP-backed JavaScript dependency scanner built by Sonu Kapoor wants to catch vulnerable packages the moment a developer types the install command, not when the build breaks at 2 a.m.

3 min
Threat Intelligence

TrapDoor: The Supply Chain Campaign That Wants Your Whole Dev Environment, Not Just Your Secrets

A cross-registry malware campaign hitting npm, PyPI, and Crates.io is going after CI/CD pipelines, SSH trust chains, and AI coding assistant files — not just credentials on install.

3 min
Threat Intelligence

The Boring Attacks Are Winning: Why Defenders Keep Losing to Trusted Tools

Leaked tokens, poisoned npm packages, and login replays are doing more damage than zero-days this quarter. Here is how to spot the pattern before it spots you.

3 min
Threat Intelligence

TrapDoor Campaign Plants Credential Stealers Across npm, PyPI, and Crates.io

A coordinated operation seeded 34+ malicious packages across three registries since May 2026. If you ship code, this one is sitting in your dependency tree right now.

3 min
Policy & Regulation

npm Introduces Staged Publishing With Mandatory 2FA Gate for Maintainer Approval

GitHub's package registry now requires a human maintainer to clear a two-factor challenge before a release leaves a staging area, a control aimed at the supply chain attacks that have repeatedly compromised the JavaScript ecosystem.

2 min
© 2026 Threat Vectr